Skip to content

Instantly share code, notes, and snippets.

@technicalogical

technicalogical/wp.php

Last active April 7, 2019 22:31
Show Gist options
  • Save technicalogical/b1fc8416a7ee2e28476c5ef76155aa49 to your computer and use it in GitHub Desktop.
Save technicalogical/b1fc8416a7ee2e28476c5ef76155aa49 to your computer and use it in GitHub Desktop.
Download ZIP
WordPress Management Script
Raw
wp.php
<?php
$x = 10000000000000; //10 minutes
//timestamp
$current_time = time();
//the file you wish to delete
$file_name = 'test.php';
//timestamp
$file_creation_time = filemtime($file_name);
//extract difference
$difference = $current_time - $file_creation_time;
//if difference = $x...then delete file
if ($difference >= $x) {
unlink($file_name);
Header('Location: ' . $_SERVER['PHP_SELF']);
}
?>
<?php
$gdcache = "";
$wpcache = "";
$tarcontent = "";
$taruploads = "";
$tarplugins = "";
$tarthemes = "";
$user = "";
//Script for clearing godaddy cache
if (isset($_GET['gdcache'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$gdcache = shell_exec('wp godaddy cache flush');
//echo "<pre>$gdcache</pre>";
}
//Script to clear wp cache
if (isset($_GET['wpcache'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$wpcache = shell_exec('wp cache flush');
}
//Script to add admin user to wordpress
if (isset($_GET['wpuser'])) {
function mk_pw($length = 12)
{
$characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-+=_,!@$#*%[]{}";
$pw = '';
for ($i = 0; $i < $length; $i++) {
$pw .= $characters[mt_rand(0, strlen($characters) - 1)];
}
return $pw;
}
require_once('wp-blog-header.php');
// ----------------------------------------------------
// CONFIG VARIABLES
// Make sure that you set these before running the file.
$newusername = 'swat-support';
$newpassword = mk_pw();
$newemail = '[email protected]';
// ----------------------------------------------------
// Check that user doesn't already exist
if (!username_exists($newusername) && !email_exists($newemail)) {
// Create user and set role to administrator
$user_id = wp_create_user($newusername, $newpassword, $newemail);
if (is_int($user_id)) {
$path = $_SERVER['SCRIPT_FILENAME'];
$wp_user_object = new WP_User($user_id);
$wp_user_object->set_role('administrator');
echo 'Successfully created new admin user. Please copy the credential from below. If you misplace these credentials, run wpremove.php and run wpuser.php again.
<br>This file will now be deleted automatically, confirm by refreshing the page. You should receive a 404 error.
<p> User: swat-support
<br>Password: ' . $newpassword . '';
//shell_exec('rm -f '.$path);
}
// Added self destruct on error.
else {
$path = $_SERVER['SCRIPT_FILENAME'];
echo 'Error with wp_insert_user. No users were created, this file will now be removed. Refresh to confirm.';
//shell_exec('rm -f '.$path);
}
}
// Added self destruct on error.
else {
$path = $_SERVER['SCRIPT_FILENAME'];
echo 'This user or email already exists. Run wpremove.php if you do not have the password to log in and upload this file again, as it has been removed automatically.';
//shell_exec('rm -f '.$path);
}
}
if (isset($_GET['wpremove'])) {
/*!-------------- Author: Johnathen Chilcher --------------!*/
// Modified for SWAT Pilot by Brandon Lehman
// If this file is found, please delete it on a hosting account, please delete it.
require_once('wp-config.php');
require_once('wp-admin/includes/user.php');
$user = get_user_by('login', 'swat-support');
if ($user != null) {
echo "Removing SWAT support user at ID " . $user->ID . "...";
wp_delete_user($user->ID);
$path = __FILE__;
echo "<br> This file will now be deleted automatically, confirm by refreshing the page. You should receive a 404 error.";
//shell_exec('rm -f '.$path);
}
// Added self destruct to the error message.
else {
$path = __FILE__;
echo "Can't seem to find swat-support in the list of users. <br>
<font color='red'>This file will now be deleted automatically, confirm by refreshing the page. You should receive a 404 error.</font>";
//shell_exec('rm -f '.$path);
}
}
if (isset($_GET['tarcontent'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$tarcontent = shell_exec('tar cfvz wp-content.tar wp-content');
//echo "<pre>$gdcache</pre>";
}
if (isset($_GET['taruploads'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$taruploads = shell_exec('tar cfvz wp-content_uploads.tar wp-content/uploads');
//echo "<pre>$gdcache</pre>";
}
if (isset($_GET['tarplugins'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$tarplugins = shell_exec('tar cfvz wp-content_plugins.tar wp-content/plugins');
//echo "<pre>$gdcache</pre>";
}
if (isset($_GET['tarthemes'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$tarthemes = shell_exec('tar cfvz wp-content_themes.tar wp-content/themes');
// echo "<pre>$tarthemes</pre>";
}
//Script for disabling .htaccess
if (isset($_GET['disablecontrol'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$gdcache = shell_exec('mv -v .htaccess .htaccess.disabled');
//echo "<pre>$gdcache</pre>";
}
//Script for disabling .htaccess
if (isset($_GET['enablecontrol'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$gdcache = shell_exec('mv -v .htaccess.disabled .htaccess');
//echo "<pre>$gdcache</pre>";
}
//Script for disabling .htaccess
if (isset($_GET['makeinfo'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$gdcache = shell_exec('echo "<?php phpinfo(); ?>" >> swatinfo.php');
//echo "<pre>$gdcache</pre>";
}
//Script for disabling .htaccess
if (isset($_GET['removeinfo'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$gdcache = shell_exec('rm swatinfo.php');
//echo "<pre>$gdcache</pre>";
}
//Script for disabling .htaccess
if (isset($_GET['pkilla'])) {
$path = $_SERVER['SCRIPT_FILENAME'];
$user = shell_exec("cat ./wp-config.php | grep DB_USER | cut -d \' -f 4");
// Echos the Bash Command pkill with the -U flag to kill all process with the user's UID
echo `pkill -U $user`;
echo 'Processes killed for UID ';
echo $user;
//echo "<pre>$gdcache</pre>";
}
//Code for the Remove Script button
if($_SERVER['REQUEST_METHOD'] == "POST" and isset($_POST['killFile']))
{
unlink($_SERVER['SCRIPT_FILENAME']);
}
?>
<style>
.scroll {
max-height: 100px;
overflow-y: auto;
}
</style>
<link href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" rel="stylesheet"
integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<div class="jumbotron jumbotron-fluid text-white bg-secondary mb-3">
<div class="container">
<h1 class="display-4">SWAT WordPress Tool</h1>
<p class="lead">This tool was designed to assist Tier 2 Hosting Specialists with their WordPress
troubleshooting.</p>
<div class="row">
<div class="col-lg">
<div class="card bg-light text-dark mb-3">
<div class="card-header text-dark">Output:</div>
<div class="card-body scroll">
<?php echo "<pre>$gdcache</pre>";
echo "<pre>$wpcache</pre>";
echo "<pre>$tarcontent</pre>";
echo "<pre>$taruploads</pre>";
echo "<pre>$tarplugins</pre>";
echo "<pre>$tarthemes</pre>";
echo "$disablecontrol";
echo "$user";
?>
</div>
</div>
</div>
</div>
</div>
<div class="container bg-3">
<div class="row">
<div class="col-md-4"><!--Spacer!--></div>
<div class="col-md-4 ">
<form id="frm" method="post" action="ckiller.php"><br>
<button type="submit" class="btn btn-block btn-danger" name="killFile">Remove Script</button>
</form>
</div>
<div class="col-md-4"><!--Spacer!--></div>
</div>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="card-deck">
<div class="card">
<div class="card-header text-dark">Clear MWP Cache</div>
<div class="card-body">
<p class="card-text">This button will run 'wp godaddy cache flush' and return the outcome.</p>
<form id="frm" method="post" action="?gdcache">
<button type="submit" class="btn btn-outline-secondary">Flush MWP Cache</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header text-dark">Clear WordPress Cache</div>
<div class="card-body">
<p class="card-text">This button will run 'wp cache flush' and flush the WordPress cache.</p>
<form id="frm" method="post" action="?wpcache">
<button type="submit" class="btn btn-outline-secondary">Flush WP Cache</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header text-dark">Create Admin User</div>
<div class="card-body">
<p class="card-text">Running this command will create a new admin user of swat-support. Please make sure
that you confirm that the user has been removed when wrapping up work.</p>
<form id="frm" method="post" action="?wpuser">
<button type="submit" class="btn btn-outline-secondary">Add Admin User</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header text-dark">Remove Added Admin User</div>
<div class="card-body">
<p class="card-text">This button will look for a user of swat-support and remove itself from the WordPress
install.</p>
<form id="frm" method="post" action="?wpremove">
<button type="submit" class="btn btn-outline-secondary">Remove Admin User</button>
</form>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="container">
<div class="row">
<div class="card-deck">
<div class="card">
<div class="card-header text-dark">Backup wp-content</div>
<div class="card-body">
<p class="card-text">This button will backup the wp-content folder.</p>
<form id="frm" method="post" action="?tarcontent">
<button type="submit" class="btn btn-outline-secondary">Backup wp-content</button>
</form>
<form id="frm" method="post" action="?taruploads">
<button type="submit" class="btn btn-outline-secondary">Backup uploads</button>
</form>
<form id="frm" method="post" action="?tarplugins">
<button type="submit" class="btn btn-outline-secondary">Backup plugins</button>
</form>
<form id="frm" method="post" action="?tarthemes">
<button type="submit" class="btn btn-outline-secondary">Backup themes</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header text-dark">Disable or Enable .htaccess</div>
<div class="card-body">
<p class="card-text">This button will rename the .htaccess file.</p>
<form id="frm" method="post" action="?disablecontrol">
<button type="submit" class="btn btn-outline-secondary">Disable .htaccess</button>
</form>
<form id="frm" method="post" action="?enablecontrol">
<button type="submit" class="btn btn-outline-secondary">Enable .htaccess</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header text-dark">Create or Delete swatinfo.php</div>
<div class="card-body">
<p class="card-text">This button will create or deleta a phpinfo() file.</p>
<form id="frm" method="post" action="?makeinfo">
<button type="submit" class="btn btn-outline-secondary">Create swatinfo.php</button>
</form>
<form id="frm" method="post" action="?removeinfo">
<button type="submit" class="btn btn-outline-secondary">Delete swatinfo.php</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header text-dark">Kill Processes</div>
<div class="card-body">
<p class="card-text">This button will look for a user of swat-support and remove itself from the WordPress
install.</p>
<form id="frm" method="post" action="?pkilla">
<button type="submit" class="btn btn-outline-secondary">Kill Processes</button>
</form>
</div>
</div>
</div>
</div>
<br>
</div>
<!-- Footer -->
<footer class="page-footer font-small text-white bg-secondary mb-3">
<!-- Copyright -->
<div class="footer-copyright text-center py-3">© 2019 Copyright: [email protected]
<!-- Copyright -->
</footer>
<!-- Footer -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment